Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

does setting security level from script runner fail without error?

Here is my groovy code - it works perfectly, except for it fails to set the security level and no error is generated.

I can manually (using the JIRA UI) set the security level, as an admin. I have enabled the test user I've been creating issues with ('vendor2') for set security level, and they can do it from the UI.  

import com.atlassian.crowd.embedded.api.User
import com.atlassian.jira.ComponentManager
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.issue.IssueFactory
import com.atlassian.jira.issue.IssueManager
import com.atlassian.jira.issue.fields.config.manager.IssueTypeSchemeManager
import com.atlassian.jira.issue.Issue
import com.atlassian.jira.project.ProjectManager
import com.atlassian.jira.user.UserUtils
import com.atlassian.jira.util.ImportUtils
import com.opensymphony.workflow.WorkflowContext
import com.atlassian.jira.project.Project
import org.ofbiz.core.entity.GenericValue
import org.apache.log4j.Category
def Category log = Category.getInstance("com.onresolve.jira.groovy.PostFunction")

Issue issue = issue
issueKey = issue.getKey()
log.debug "DBG: " + issueKey
issueMgr = ComponentAccessor.getComponent(IssueManager.class)
projectMgr = ComponentAccessor.getComponent(ProjectManager.class)
linkManager = ComponentAccessor.getComponent(IssueLinkManager.class)
linkTypeManager = ComponentAccessor.getComponent(IssueLinkTypeManager.class)
issueSecuritySchemeManager = ComponentAccessor.getComponent(IssueSecuritySchemeManager.class)
issueSecurityLevelManager = ComponentAccessor.getComponent(IssueSecurityLevelManager.class)
Project srcProject = issue.getProjectObject()
String currentUser = ((WorkflowContext) transientVars.get("context")).getCaller();
User currentUserObj = UserUtils.getUser(currentUser);
def wasIndexing = ImportUtils.indexIssues
ImportUtils.indexIssues = true
issueFactory = ComponentAccessor.getComponent(IssueFactory);
newissue = issueFactory.getIssue()
newissue.setSummary (issue.summary)
newissue.setProjectObject (projectMgr.getProjectObj(
def newIssueType = ComponentAccessor.issueTypeSchemeManager.getIssueTypesForProject(issue.projectObject).find{"Quote"}
newissue.setIssueTypeObject (newIssueType)
newissue.description = issue.description
newissue.reporter = issue.getReporter()
newissue.assignee = currentUserObj
params = ["issue":newissue]
subTask = issueMgr.createIssueObject(currentUserObj, params)
log.debug "DBG: " + subTask.getKey()

linkMgr = ComponentAccessor.getComponent(IssueLinkManager)
def sequence = 0
for (IssueLink link in linkMgr.getInwardLinks( {
if ("Quotes" == {

Collection<IssueSecurityLevel> issueSecurityLevels = issueSecurityLevelManager.getAllIssueSecurityLevels()
def secLevel = currentUserObj.getName() + "_only"
log.debug "DBG: secLevel=" + secLevel
String levelID=null;
for (IssueSecurityLevel issueSecurityLevel: issueSecurityLevels) {
String name=issueSecurityLevel.getName();
log.debug "DBG: " + name;
log.debug "DBG: " +;
Collection<IssueLinkType> issueLinkTypes = linkTypeManager.getIssueLinkTypes()
String linkID=null;
for (IssueLinkType issueLinkType : issueLinkTypes) {
String name=issueLinkType.getName();
linkManager.createIssueLink(,, Long.parseLong(linkID) , sequence, currentUserObj);
ImportUtils.indexIssues = wasIndexing


Any reason anyone can see why the security level won't be applied? And no error?



3 answers

1 accepted

1 vote
Answer accepted

Figured it out, if this spammed someone - my apologies.  The security level needs to be included in the params of the object passed to the issueMgr's method createIssueObject.  So I re-ordered the operations to set the security level on the newissue object before passing newissue to the create method.


Thanks again for any cycles spent on this.

1 vote

I've not fully understood the code here, but it looks like you are trying to set a security level on a sub-task?  Which you can't do, because sub-tasks always take their parent security level (even if you botch it into the database, the code ignores you)

Thanks for chiming in @Nic Brough [Adaptavist] - I'm not trying to create a subtask, just a linked issue... that section of code works even like this: params = ["issue":newissue] foobar = issueMgr.createIssueObject(currentUserObj, params) log.debug "DBG: " + foobar.getKey() But maybe you're onto something. Thanks again!

Ah, ok. Does the user executing the code have the rights to set security levels?

Interestingly, no. Since the parameters of the object passed into the create method can include a security level (see my answer below) - the user invoking the script need not have set-security-level privs in order for the created issue to have a security level. But create issue privs have to exist for this to work. What we have is a way for internal people to select from a list of groups of external people (vendors) and give them access to an 'RFQ' issue type. The selected vendors can each create Quote issue types that exclusively visible to them (and of course all the internal people). The vendors can see only their Quotes which are linked issues on the RFQ which they can see. We allow multiple vendors access to the RFQ, but they can't edit or comment on it. They can only create a separate, linked Quote issue that they are assigned to.

ciao @Nic Brough -Adaptavist-  

I am trying to do set issue security based on a custom field. I have a custom field that is called Assignment Group. It is a custom field of type Group Picker from Jira. When an issue transits from To Do to In Progress I want to put a post-function in the workflow so that the issue takes the security level equal to the value of the Group Picker. There are three security levels: level-1, level-2 and level-3. The Assignee Groups are three and they are called in the same way: level-1, level-2 and level-3. I do not know how Script Runner can copy the value of the Assignee Group field and put it in the Issue Security Level field. Can anyone help me ?

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events